How to Secure Your Source Code: Get the Industry Report

Data breaches are preventable, and no one wants to be the next big breach story. Learn how to secure your source code in 2019.

Controls

Controls

Advanced User Permission Controls

Advanced User Permission Controls allow you to limit access to projects and repositories based on user type, as well as give you the power to customize access to all projects and repos. This security feature greatly reduces the amount of time you spend managing your team while helping you achieve security peace of mind in the software development process.

Authentication

With a bird's-eye view of your users and the files and repos they can access, Assembla makes it easy to oversee the work that happens both inside and outside your company. Flexible permissions for users and groups ensure everyone in your organization gets the right level of access. Plus, you can count on a quick setup and rollout with AD/LDAP for simple user account management, as well as SAML 2.0 for streamlined integrations with Single Sign-On (SSO).

Screenshot

Read Our Documentation

Compliance

Compliance

Assembla is dedicated to providing best-in-class security, compliance, and data protection for our customers. Whether you need to meet specific industry regulations or international security and data privacy standards, Assembla has all of the tools needed to become and stay compliant.

Track each change made to your source code from project start to finish. Quickly prove to auditors that your organization has the control and monitoring in place to ensure regulatory compliance. Track actions like repo access, code reviews, merge requests, Git pushes, and more. Search for activity by specific users and specific date ranges and generate audit reports straight from your browser.

Make Audits More Efficient

Audit logs let you track actions like repo access, code reviews, merge requests, Git pushes, and more. Search for activity by specific uses and specific date ranges and generate audit reports straight from your browser in XML, CSV, or PDF so your audit process is quick and painless.

User Activity Audit Reports

Automate your workflows to take the work out of regulatory compliance. Require code reviews and prevent commits from users groups with Protected Branches. Receive emails and push notifications when key changes are made to your source code.

Automated Workflows and Notifications
  • PCI
  • CSA
  • AICPA
  • PRIVACY SHIELD
  • UE
Static Analysis

Static Analysis

More than 75% of breaches are caused by developers inserting secret keys and passwords directly into source code. Assembla automatically finds access keys and passwords left in your code and notifies your team before they’re deployed. Analyze your entire code base for vulnerabilities and scan each commit, instantly, as they occur.

Automated Workflows and Notifications
Package Management

Package Management

Assembla’s MyGet is a universal package manager that integrates with your existing source code ecosystem and enables end-to-end package management. Centralized package management delivers security, consistency, and governance to your DevOps workflow. Learn more

DevOps Consistency and Governance

DevOps Consistency and Governance

MyGet real-time software license detection tracks your teams package usage and detects dependencies across all of your packages. Customized usage policies ensure your teams are only using approved packages while reporting vulnerabilities and outdated packages early in your software build and release cycles.

Automate & Integrate

Automate & Integrate

MyGet automates build and packaging processes from a centralized cloud platform. MyGet speeds up the development lifecycle while integrating seamlessly with your existing DevOps workflows. Package, version, & publish from GitHub, Assembla, Visual Studio Team Services, and BitBucket.

Assembla’s Approach to Security

Assembla’s Approach to Security

Security and risk mitigation are top priorities for our team. The mindset we bring to our business helps make your business more secure. Our operational playbook includes a bottom-up evaluation of the risks to security, risk mitigation techniques, and ongoing areas of investment to further reduce risks.

Data Security is Our Priority

Data Security is Our Priority

We offer the Assembla service from multiple data centers with strong security practices that are independently validated by third-party auditors. Every file you store with Assembla is maintained and encrypted using AES 256-bit encryption in geographically diverse areas, leveraging both the Assembla data centers as well as the redundant facilities managed by our partner AWS.

Data Security is Our Priority

Compliance Certifications

Assembla is fully certified with PrivacyShield and has successfully completed the Cloud Security Alliance STAR self-assessment. We are Level 3 PCI certified and partner with Level 1 provider Chargify to process transactions, and our security controls are audited each year, following the AICPA SSAE-16 SOC 2 guidelines for the Security and Availability principles. The full report is available upon request.

Data Security is Our Priority

Continuous Pen Testing

Assembla uses HackerOne, a leading premier vulnerability coordination platform. The basics of HackerOne are simple. Assembla creates our own security program page with instructions for HackerOne experts.

Data Security is Our Priority

Risk Management Planning & Process

Our operational playbook includes a bottom-up evaluation of the risks to security, risk mitigation techniques and ongoing areas of investment to further reduce risks, surrounded by a 24/7/365 DevOps team.

Data Security is Our Priority

Team Credentials & Expertise

The Assembla leadership team has over 100 years of combined experience serving clients with dedicated & cloud hosting, source control systems & software, and project management. We enable over 1 million users distributed in over 100 countries to manage all of their repos from a central, secure control point with industry-leading compliance and security.